From c3f752db4a8286be00ad1d8b2a9fab37dc8d116d Mon Sep 17 00:00:00 2001
From: Thomas Bernard <miniupnp@free.fr>
Date: Sat, 9 Mar 2019 11:06:45 +0100
Subject: [PATCH] miniupnpd/netfilter: fix iptables_init.sh for postrouting
 chain

should fix #334
---
 miniupnpd/netfilter/iptables_init.sh | 32 ++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/miniupnpd/netfilter/iptables_init.sh b/miniupnpd/netfilter/iptables_init.sh
index 1983277..705f34e 100755
--- a/miniupnpd/netfilter/iptables_init.sh
+++ b/miniupnpd/netfilter/iptables_init.sh
@@ -6,6 +6,7 @@
 EXT=1
 . $(dirname "$0")/miniupnpd_functions.sh
 
+# MINIUPNPD chain for nat
 if [ "$NDIRTY" = "${CHAIN}Chain" ]; then
 	echo "Nat table dirty; Cleaning..."
 elif [ "$NDIRTY" = "Chain" ]; then
@@ -22,6 +23,22 @@ if [ "$CLEAN" = "yes" ]; then
 	$IPTABLES -t nat -F $CHAIN
 fi
 
+# MINIUPNPD chain for mangle
+if [ "$MDIRTY" = "${CHAIN}Chain" ]; then
+	echo "Mangle table dirty; Cleaning..."
+elif [ "$MDIRTY" = "Chain" ]; then
+	echo "Dirty Mangle chain but no reference..? Fixing..."
+	$IPTABLES -t mangle -A PREROUTING -i $EXTIF -j $CHAIN
+else
+	echo "Mangle table clean..initializing..."
+	$IPTABLES -t mangle -N $CHAIN
+	$IPTABLES -t mangle -A PREROUTING -i $EXTIF -j $CHAIN
+fi
+if [ "$CLEAN" = "yes" ]; then
+	$IPTABLES -t mangle -F $CHAIN
+fi
+
+# MINIUPNPD chain for filter
 if [ "$FDIRTY" = "${CHAIN}Chain" ]; then
 	echo "Filter table dirty; Cleaning..."
 elif [ "$FDIRTY" = "Chain" ]; then
@@ -35,3 +52,18 @@ fi
 if [ "$CLEAN" = "yes" ]; then
 	$IPTABLES -t filter -F $CHAIN
 fi
+
+# MINIUPNPD-POSTROUTING chain (for nat)
+if [ "$NPDIRTY" = "${CHAIN}-POSTROUTINGChain" ]; then
+	echo "Postrouting Nat table dirty; Cleaning..."
+elif [ "$NPDIRTY" = "Chain" ]; then
+	echo "Dirty POSTROUTING NAT chain but no reference..? Fixing..."
+	$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j $CHAIN-POSTROUTING
+else
+	echo "POSTROUTING NAT table clean..initalizing.."
+	$IPTABLES -t nat -N $CHAIN-POSTROUTING
+	$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j $CHAIN-POSTROUTING
+fi
+if [ "$CLEAN" = "yes" ]; then
+	$IPTABLES -t nat -F $CHAIN-POSTROUTING
+fi